RLSA-2026:25927

Security

Mirrored from RHSA-2026:25927

Issued at: 2026-06-17

Updated at: 2026-06-17

Synopsis

Important: webkit2gtk3 security update

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)

* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)

* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)

* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2471790

2483955

2483956

2483957

2483958

2483959

2483960

2483961

2483962

2483963

2483964

2483965

2483966

2483967

2483968

2483969

CVEs

CVE-2026-28847

CVE-2026-28883

CVE-2026-28901

CVE-2026-28902

CVE-2026-28903

CVE-2026-28904

CVE-2026-28905

CVE-2026-28907

CVE-2026-28942

CVE-2026-28946

CVE-2026-28947

CVE-2026-28953

CVE-2026-28955

CVE-2026-28958

CVE-2026-43658

CVE-2026-43660

Affected packages

Rocky Linux 9 aarch64 - AppStream

webkit2gtk3-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-0:2.52.4-1.el9_8.src.rpm

webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-debugsource-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-devel-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-jsc-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.aarch64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.aarch64.rpm

Rocky Linux 9 x86_64 - AppStream

webkit2gtk3-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-0:2.52.4-1.el9_8.src.rpm

webkit2gtk3-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-debugsource-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-debugsource-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-devel-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-devel-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-jsc-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-jsc-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.x86_64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.i686.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.x86_64.rpm

Rocky Linux 9 ppc64le - AppStream

webkit2gtk3-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-0:2.52.4-1.el9_8.src.rpm

webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-debugsource-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-devel-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-jsc-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.ppc64le.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

webkit2gtk3-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-0:2.52.4-1.el9_8.src.rpm

webkit2gtk3-debuginfo-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-debugsource-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-devel-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-devel-debuginfo-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-jsc-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-jsc-devel-0:2.52.4-1.el9_8.s390x.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.4-1.el9_8.s390x.rpm